I have a website that uses remote authentication via Kerberos. I've set everything up according to the Django documentation (https://docs.djangoproject.com/en/dev/howto/auth-remote-user/). Logging in works great; however, logging out doesn't end the session. What can I do to ensure the user is fully logged out? Closing the browser window entirely does seem to work, but users need to have the ability to log out without closing the browser window.
Answer 1:
When a user logs out from Django, the Django session is destroyed, but the user is still logged in to Kerberos, and the next request will automagically create a new session again. You can't do anything about it in your Django application. The user has to log out from Kerberos himself, because Kerberos might be used to authenticate the user in other services/applications at the same time.
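The behaviour Answer 1 describes, as an added stdlib-only sketch (not part of either answer and not Django's own code): a toy WSGI app trusts the server-set `REMOTE_USER` the way a remote-user setup does, so a destroyed session is silently recreated on the next request. The names `app`, `request`, `demo` and `SESSIONS` are hypothetical, and the principal `alice@EXAMPLE.COM` is constructed sample data.

```python
import uuid
from http.cookies import SimpleCookie

SESSIONS = {}  # session id -> user; stand-in for the application's session store

def app(environ, start_response):
    """Toy app: trusts REMOTE_USER from the web server on every request."""
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    sid = cookie["sid"].value if "sid" in cookie else None
    headers = [("Content-Type", "text/plain")]
    if environ["PATH_INFO"] == "/logout":
        SESSIONS.pop(sid, None)  # the application session is destroyed here
        start_response("200 OK", headers)
        return [b"logged out"]
    user = SESSIONS.get(sid)
    if user is None and environ.get("REMOTE_USER"):
        # The server still vouches for the user (the Kerberos ticket is
        # untouched), so a fresh session is created without any prompt.
        sid, user = uuid.uuid4().hex, environ["REMOTE_USER"]
        SESSIONS[sid] = user
        headers.append(("Set-Cookie", f"sid={sid}; Path=/; HttpOnly"))
    start_response("200 OK" if user else "401 Unauthorized", headers)
    return [f"user={user}".encode()]

def request(path, remote_user=None, sid=None):
    """Send one request; return (status, body, session id the client now holds)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if remote_user:
        environ["REMOTE_USER"] = remote_user  # set by the server after Negotiate
    if sid:
        environ["HTTP_COOKIE"] = f"sid={sid}"
    seen = {}
    def start_response(status, headers):
        seen.update(status=status, headers=headers)
    body = b"".join(app(environ, start_response)).decode()
    for name, value in seen["headers"]:
        if name == "Set-Cookie":
            sid = SimpleCookie(value)["sid"].value
    return seen["status"], body, sid

def demo(user="alice@EXAMPLE.COM"):  # constructed sample principal
    first = request("/", remote_user=user)
    logout = request("/logout", remote_user=user, sid=first[2])
    again = request("/", remote_user=user, sid=logout[2])  # same browser, same ticket
    no_ticket = request("/", sid=first[2])  # stale cookie, REMOTE_USER absent
    return first, logout, again, no_ticket

if __name__ == "__main__":
    for step in demo():
        print(step)
```

The third request comes back authenticated under a new session id even though the logout removed the old one; only the request that arrives without `REMOTE_USER` stays logged out.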
Answer 2:
Use HttpResponse to return status 401.
    from django.http import HttpResponse

    def logout(request):
        content = "You have been logged out."  # response body
        return HttpResponse(content, status=401)
This will log the user out from Kerberos.
Credit: I saw this solution elsewhere related to Basic Authentication.